Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for two actively exploited zero-day vulnerabilities. Also, this patch includes a release for an updated edge version (111.0.1661.41) to fix multiple vulnerabilities. Microsoft has fixed (83) vulnerabilities, with (9) classified as critical as they could allow the attacker to perform […]
Microsoft March 2023 Patch Tuesday Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. This month’s patch fixes several vulnerabilities affecting multiple SAP products SAP Business Objects Business Intelligence Platform (CMC), SAP NetWeaver, SAP NetWeaver AS for Java, SAP NetWeaver Application Server for ABAP and ABAP Platform, SAP Business Objects (Adaptive Job Server), SAP Solution Manager and ABAP managed systems (ST-PI), SAP
SAP March 2023 Security Patch Day Read More »
Tenable has released security updates to fix a critical vulnerability in Tenable.sc, tenable.io, and Nessus. The addressed vulnerability could allow the authenticated attacker to modify the scan variables, and manipulate audit policy variables to execute arbitrary commands on credentialed scan targets. Tenable Plugin Arbitrary Code Execution Vulnerability (CVE-2022-4313): • CVSS: 9.1 • Attack Vector: Network • Attack Complexity:
Tenable Security Updates 14 March 2023 Read More »
Cisco has released security updates to address vulnerabilities affecting multiple products. addressed vulnerabilities could allow the attacker to obtain sensitive information, or cause a denial of service attack on the affected products by sending a crafted IPv4 BFD packet to make line card exceptions or hard reset. Sample of the addressed vulnerabilities: Cisco IOS XR Software for
Cisco Security Updates 09 March 2023 Read More »
Veeam has released a security patch to fix a vulnerability that affects all Veeam Backup & Replication versions. The addressed vulnerability could allow the remote attacker to obtain encrypted credentials stored in the configuration database and gain access to the backup infrastructure hosts. It should be highlighted that the patch must be installed on the Veeam Backup & Replication
Veeam Security Update 09 March 2023 Read More »
Google has released an updated Chrome version (111.0.5563.64/.65) for Windows and (111.0.5563.64) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected
Google Chrome Security Update 08 March 2023 Read More »
SonicWall has released security updates to address vulnerabilities in SonicOS which runs on SonicWall firewalls and provides the web management interface for configurations. The addressed vulnerabilities could allow the remote attacker to cause a denial of service attack or bypass security restrictions on the affected products. Sample of the addressed vulnerabilities: SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2023-0656): •
SonicWall Security Updates 05 March 2023 Read More »
Linux has released security updates to fix vulnerabilities in Linux Kernel and Sudo utility before 1.9.13p2. The addressed vulnerabilities could allow the attacker to execute arbitrary code or cause a denial of service attack on the affected system. Sample of the addressed vulnerabilities: 1. Sudo Code Execution Vulnerability (CVE-2023-27320): • CVSS: 9.8 • Attack Vector: Network •
Linux Security Updates 02 March 2023 Read More »
Cisco has released security updates to address vulnerabilities affecting multiple products. The severity of the addressed vulnerabilities could allow the remote attacker to gain access, obtain information, cause a denial of service, and trigger Cross-site Scripting (XSS) or server-side request forgery (SSRF) attacks on the affected products. Sample of the addressed vulnerabilities: 1. Cisco IP Phone Command Injection Vulnerability
Cisco Security Updates 02 March 2023 Read More »
Aruba has released security updates to fix vulnerabilities across multiple Aruba products. The severity of the addressed vulnerabilities could allow the remote attacker to execute code, obtain information, bypass security restrictions, and perform crosssite scripting. Sample of the addressed vulnerabilities: Unauthenticated Command Injections in the PAPI Protocol (CVE-2023-22747): • CVSS: 9.8 • Attack Vector: Network • Attack Complexity:
Aruba Security Updates 01 March 2023 Read More »
Microsoft has released an updated Edge version (110.0.1587.56) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected system. Sample of the addressed vulnerabilities: 1. Edge
Microsoft Edge Security Update 26 February 2023 Read More »
Google has released an updated Chrome version (110.0.5481.177/.178) for Windows and (110.0.5481.177) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected
Google Chrome Security Update 23 February 2023 Read More »
Cisco has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain information, or cause a denial of service attack on the affected systems. Sample of the addressed vulnerabilities: Cisco APIC and Cisco Cloud Network Controller CSRF (CVE-2023-20011): • CVSS: 8.8 • Attack Vector: Network • Attack
Cisco Security Updates 23 February 2023 Read More »
VMware has released security updates to fix multiple vulnerabilities in multiple VMware products. The addressed vulnerabilities could allow the remote authenticated attacker to read arbitrary files, cause a denial of service attack, conduct an SSRF attack, or execute arbitrary code by using specially-crafted request/XML content to gain access to the affected product. Sample of the addressed vulnerabilities: 1. VMware
VMware Security Updates 22 February 2023 Read More »
Tenable has released security updates to fix multiple vulnerabilities in Tenable.sc versions 5.22.0 to 5.23.1 and 6.0.0. The addressed vulnerabilities could allow the remote attacker to cause a denial of service, obtain information, or gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Curl libcurl Denial of Service (CVE-2022-42915): • CVSS: 9.8 • Attack
Tenable Security Updates 22 February 2023 Read More »
Apache has released security updates to address vulnerabilities in multiple products. The addressed vulnerabilities could allow the remote attacker to manipulate data or cause a denial of service attack on the vulnerable system. Sample of the addressed vulnerabilities: Apache Commons FileUpload and Tomcat Denial of Service (CVE-2023-24998): • CVSS: 7.5 • Attack Vector: Network • Attack Complexity:
Apache Security Updates 21 February 2023 Read More »
Atlassian has released security updates to address vulnerabilities in the “Git” utility that affects multiple products. The addressed vulnerabilities could allow the remote attacker to gain access to the affected systems. Sample of the addressed vulnerabilities: Git Integer Overflow Vulnerability (CVE-2022-41903): • CVSS: 9.8 • Attack Vector: Network • Attack Complexity: Low • Privileges Required: None •
Atlassian Security Updates 20 February 2023 Read More »
Fortinet has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, bypassing security restrictions, executing arbitrary code, or escalating the privileges on the affected products. Sample of the addressed vulnerabilities: 1. FortiNAC – External Control of File Name or Path in
Fortinet Security Updates 18 February 2023 Read More »
Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform cross-site scripting attacks, bypass security restrictions, execute arbitrary code, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1- Cisco ClamAV Buffer Overflow (CVE-2023-20032): • CVSS:
Cisco Security Updates 16 February 2023 Read More »
Intel has released security updates to fix several vulnerabilities in multiple products. The addressed vulnerabilities could allow the remote attacker to perform various attacks such as obtaining sensitive information, bypassing security restrictions, executing arbitrary code, causing a denial of service, or escalating the privileges on the affected products. Sample of the addressed vulnerabilities: 1- Intel Integrated BMC and OpenBMC
Intel Security Updates 16 February 2023 Read More »
